research-article
Open Access

SpecSafe: detecting cache side channels in a speculative world

Published: 15 October 2021

Abstract

The high-profile Spectre attack and its variants have revealed that speculative execution may leave secret-dependent footprints in the cache, allowing an attacker to learn confidential data. However, existing static side-channel detectors either ignore speculative execution, leading to false negatives, or lack a precise cache model, leading to false positives. In this paper, somewhat surprisingly, we show that it is challenging to develop a speculation-aware static analysis with precise cache models: a combination of existing works does not necessarily catch all cache side channels. Motivated by this observation, we present a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models. We also develop SpecSafe to detect the violations of SANI. Unlike other speculation-aware symbolic executors, SpecSafe employs a novel program transformation so that SANI can be soundly checked by speculation-unaware side-channel detectors. SpecSafe is shown to be both scalable and accurate on a set of moderately sized benchmarks, including commonly used cryptography libraries.


Supplemental Material

Auxiliary Presentation Video

This is a video presentation of our talk at OOPSLA 2020. In this presentation we describe a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models.


Published in

Proceedings of the ACM on Programming Languages, Volume 5, Issue OOPSLA
October 2021, 2001 pages
EISSN: 2475-1421
DOI: 10.1145/3492349

Copyright © 2021 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Published: 15 October 2021